If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

I'm updating a login script i made in college. I only want to enter the query once (selecting the fields and table).

So I have 1 page for the form, and initial selecting of the user from the DB.
Then a second that i include at the top of each page that checks if the sessions are active and the user is still in the database. Maybe i do not need the query in second page?

Regardless of whether you need to store a query in the session data (I'm not convinced that should be the case), you probably do not need to encrypt it since it stays on the server (only the session ID is sent to the client). If you are concerned that you're on a shared server and someone might be able to view your session data, then you could use your database to store the session data.

Ultimately, if you do need to encrypt your data, you need to use an encryption function rather than a hashing function such as md5().

I have been wondering about how sessions are shown on the client side. So there is no way that a user can access the data stored in a session?

the reason i only want to enter the query once (as a variable) is so I can use the same login script for multiple login areas on the same site. Other wise I will have to duplicate all the login pages just to change one line of query information.

I have been wondering about how sessions are shown on the client side. So there is no way that a user can access the data stored in a session?

No, the session data is never sent to the client, only the session ID cookie is.

the reason i only want to enter the query once (as a variable) is so I can use the same login script for multiple login areas on the same site. Other wise I will have to duplicate all the login pages just to change one line of query information.

any ides on how this could be better accomplished?

Not 100% sure why you want to do that, but it seems to me more like something you would do in a config file that you could then include/require wherever you might need it, either setting that query string as a variable or constant, or defining a function to handle it where you could pass the WHERE clause as a function argument.

Do you just want to keep the user logged in on your site while he/she goes from page to page? You could store that info into either a session variable or a cookie. If you do store passwords, always hash them (in the DB and session var or cookie), either using MD5 or there are others as well with more complex encryption.

If you absolutely need to have the login script displayed in parts on each page, then as NogDog mentioned you could include a template file in each page, with arguments, like: